authorNalin Dahyabhai <nalin@dahyabhai.net>2013-11-04 10:26:41 -0500
committerNalin Dahyabhai <nalin@dahyabhai.net>2013-11-04 10:26:41 -0500
commita00c810e4eee589f57a524d4100a2dde221f1a61 (patch)
tree896ef1af039d749ea91552461e56269bb50fdb5b
parent433fcb177259aed1922aa6c0432b2e3df0a0fa52 (diff)
Drop call-access()-more patch for ksu
- drop patch to add additional access() checks to ksu - they add to breakage when non-FILE: caches are in use (#1026099), shouldn't be resulting in any benefit, and clash with proposed changes to fix its cache handling
-rw-r--r--krb5-1.10-ksu-access.patch47
-rw-r--r--krb5.spec9
2 files changed, 6 insertions, 50 deletions
diff --git a/krb5-1.10-ksu-access.patch b/krb5-1.10-ksu-access.patch
deleted file mode 100644
index ca155f7..0000000
--- a/krb5-1.10-ksu-access.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-The idea is to not complain about problems in the default ticket file if we
-couldn't read it, because the client would be able to tell if it's there or
-not, and we're implicitly letting the client tell us where it is. Still needs
-work, I think.
-
---- krb5/src/clients/ksu/ccache.c
-+++ krb5/src/clients/ksu/ccache.c
-@@ -78,7 +78,7 @@ krb5_error_code krb5_ccache_copy (contex
- cc_def_name = krb5_cc_get_name(context, cc_def);
- cc_other_name = krb5_cc_get_name(context, *cc_other);
-
-- if ( ! stat(cc_def_name, &st_temp)){
-+ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
- if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
- return retval;
- }
---- krb5/src/clients/ksu/heuristic.c
-+++ krb5/src/clients/ksu/heuristic.c
-@@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont
-
- cc_source_name = krb5_cc_get_name(context, cc);
-
-- if ( ! stat(cc_source_name, &st_temp)){
-+ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
-
- retval = find_ticket(context, cc, client, end_server, &temp_found);
- if (retval)
-@@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe
- cc_source_name = krb5_cc_get_name(context, cc_source);
-
-
-- if (! stat(cc_source_name, &st_temp)) {
-+ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
- retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
- if (retval)
- return retval;
---- krb5/src/clients/ksu/main.c
-+++ krb5/src/clients/ksu/main.c
-@@ -270,7 +270,7 @@ main (argc, argv)
- if ( strchr(cc_source_tag, ':')){
- cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
-
-- if( stat( cc_source_tag_tmp, &st_temp)){
-+ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
- com_err(prog_name, errno,
- _("while looking for credentials file %s"),
- cc_source_tag_tmp);
diff --git a/krb5.spec b/krb5.spec
index 44cd41b..bbb1a38 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.3
-Release: 27%{?dist}
+Release: 28%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -74,7 +74,6 @@ BuildRequires: cmake
Source100: nss_wrapper-0.0-20130719153839Z.git6cb59864.bz2
Source101: noport.c
-Patch5: krb5-1.10-ksu-access.patch
Patch6: krb5-1.10-ksu-path.patch
Patch12: krb5-1.7-ktany.patch
Patch16: krb5-1.10-buildconf.patch
@@ -318,7 +317,6 @@ ln -s NOTICE LICENSE
%patch63 -p1 -b .selinux-label
-%patch5 -p1 -b .ksu-access
%patch6 -p1 -b .ksu-path
%patch12 -p1 -b .ktany
%patch16 -p1 -b .buildconf %{?_rawbuild}
@@ -1006,6 +1004,11 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Mon Nov 4 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-28
+- drop patch to add additional access() checks to ksu - they add to breakage
+ when non-FILE: caches are in use (#1026099), shouldn't be resulting in any
+ benefit, and clash with proposed changes to fix its cache handling
+
* Tue Oct 22 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-27
- add some minimal description to the top of the wrapper scripts we use
when starting krb5kdc and kadmind to describe why they exist (tooling)