authorNalin Dahyabhai <nalin@dahyabhai.net>2013-10-15 17:31:49 -0400
committerNalin Dahyabhai <nalin@dahyabhai.net>2013-11-19 17:38:54 -0500
commit00cf6df3e6e8bd359d5c1c4f4f79f416039d5b09 (patch)
tree1f3778bf72192f6a34b554113786e6298ac4adbc
parent19bc209a190ea8166cacb92576925c0031da6eb5 (diff)
Drop backport for RT#7590 and partial for RT#7680
-rw-r--r--krb5-1.11.3-prompter1.patch91
-rw-r--r--krb5-1.11.3-prompter2.patch55
-rw-r--r--krb5.spec5
3 files changed, 1 insertions, 150 deletions
diff --git a/krb5-1.11.3-prompter1.patch b/krb5-1.11.3-prompter1.patch
deleted file mode 100644
index e8d393d..0000000
--- a/krb5-1.11.3-prompter1.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-commit a8eec52a13ba108b8855aef8cf9dafeb37811d2e
-Author: Nalin Dahyabhai <nalin@redhat.com>
-Date: Fri Mar 15 12:05:56 2013 -0400
-
- Add PEM password prompter callback in PKINIT
-
- Supply a callack to PEM_read_bio_PrivateKey() using the prompter to
- request a password for encrypted PEM data. Otherwise OpenSSL will use
- the controlling terminal.
-
- [ghudson@mit.edu: minor style cleanup, commit message]
-
- ticket: 7590
-
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-index 6dbda9b..7186ce8 100644
---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -656,11 +656,50 @@ cleanup:
- return retval;
- }
-
-+struct get_key_cb_data {
-+ krb5_context context;
-+ pkinit_identity_crypto_context id_cryptoctx;
-+ char *filename;
-+};
-+
-+static int
-+get_key_cb(char *buf, int size, int rwflag, void *userdata)
-+{
-+ struct get_key_cb_data *data = userdata;
-+ pkinit_identity_crypto_context id_cryptoctx;
-+ krb5_data rdat;
-+ krb5_prompt kprompt;
-+ krb5_prompt_type prompt_type;
-+ krb5_error_code retval;
-+ char *prompt;
-+
-+ if (asprintf(&prompt, "%s %s", _("Pass phrase for"), data->filename) < 0)
-+ return -1;
-+ rdat.data = buf;
-+ rdat.length = size;
-+ kprompt.prompt = prompt;
-+ kprompt.hidden = 1;
-+ kprompt.reply = &rdat;
-+ prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-+
-+ /* PROMPTER_INVOCATION */
-+ k5int_set_prompt_types(data->context, &prompt_type);
-+ id_cryptoctx = data->id_cryptoctx;
-+ retval = data->id_cryptoctx->prompter(data->context,
-+ id_cryptoctx->prompter_data, NULL,
-+ NULL, 1, &kprompt);
-+ k5int_set_prompt_types(data->context, 0);
-+ free(prompt);
-+ return retval ? -1 : (int)rdat.length;
-+}
-+
- static krb5_error_code
--get_key(char *filename, EVP_PKEY **retkey)
-+get_key(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
-+ char *filename, EVP_PKEY **retkey)
- {
- EVP_PKEY *pkey = NULL;
- BIO *tmp = NULL;
-+ struct get_key_cb_data cb_data;
- int code;
- krb5_error_code retval;
-
-@@ -676,7 +715,10 @@ get_key(char *filename, EVP_PKEY **retkey)
- retval = errno;
- goto cleanup;
- }
-- pkey = (EVP_PKEY *) PEM_read_bio_PrivateKey(tmp, NULL, NULL, NULL);
-+ cb_data.context = context;
-+ cb_data.id_cryptoctx = id_cryptoctx;
-+ cb_data.filename = filename;
-+ pkey = PEM_read_bio_PrivateKey(tmp, NULL, get_key_cb, &cb_data);
- if (pkey == NULL) {
- retval = EIO;
- pkiDebug("failed to read private key from %s\n", filename);
-@@ -4333,7 +4375,7 @@ pkinit_load_fs_cert_and_key(krb5_context context,
- pkiDebug("failed to load user's certificate from '%s'\n", certname);
- goto cleanup;
- }
-- retval = get_key(keyname, &y);
-+ retval = get_key(context, id_cryptoctx, keyname, &y);
- if (retval != 0 || y == NULL) {
- pkiDebug("failed to load user's private key from '%s'\n", keyname);
- goto cleanup;
diff --git a/krb5-1.11.3-prompter2.patch b/krb5-1.11.3-prompter2.patch
deleted file mode 100644
index 015284d..0000000
--- a/krb5-1.11.3-prompter2.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Don't call a prompter function if it's NULL, as it can be, depending on
-which code path we were called from. Part of the larger responder retrofit
-coming in 1.12 (RT#7680).
-
---- krb5-1.11.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-+++ krb5-1.11.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -673,6 +673,8 @@ get_key_cb(char *buf, int size, int rwfl
- krb5_error_code retval;
- char *prompt;
-
-+ if (data->id_cryptoctx->prompter == NULL)
-+ return -1;
- if (asprintf(&prompt, "%s %s", _("Pass phrase for"), data->filename) < 0)
- return -1;
- rdat.data = buf;
-@@ -3739,10 +3741,15 @@ pkinit_login(krb5_context context,
- prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-
- /* PROMPTER_INVOCATION */
-- k5int_set_prompt_types(context, &prompt_type);
-- r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
-- NULL, NULL, 1, &kprompt);
-- k5int_set_prompt_types(context, 0);
-+ if (id_cryptoctx->prompter == NULL) {
-+ r = KRB5_LIBOS_CANTREADPWD;
-+ rdat.data = NULL;
-+ } else {
-+ k5int_set_prompt_types(context, &prompt_type);
-+ r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
-+ NULL, NULL, 1, &kprompt);
-+ k5int_set_prompt_types(context, 0);
-+ }
- free(prompt);
- }
-
-@@ -4307,10 +4314,15 @@ pkinit_get_certs_pkcs12(krb5_context con
- prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-
- /* PROMPTER_INVOCATION */
-- k5int_set_prompt_types(context, &prompt_type);
-- r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
-- NULL, NULL, 1, &kprompt);
-- k5int_set_prompt_types(context, 0);
-+ if (*id_cryptoctx->prompter == NULL) {
-+ retval = KRB5_LIBOS_CANTREADPWD;
-+ goto cleanup;
-+ } else {
-+ k5int_set_prompt_types(context, &prompt_type);
-+ r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
-+ NULL, NULL, 1, &kprompt);
-+ k5int_set_prompt_types(context, 0);
-+ }
-
- ret = PKCS12_parse(p12, rdat.data, &y, &x, NULL);
- if (ret == 0) {
diff --git a/krb5.spec b/krb5.spec
index 8d7e3cc..ff972a3 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -93,8 +93,6 @@ Patch126: krb5-1.11.2-skew2.patch
Patch129: krb5-1.11-run_user_0.patch
Patch131: krb5-1.11.3-skew3.patch
Patch134: krb5-1.11-kpasswdtest.patch
-Patch136: krb5-1.11.3-prompter1.patch
-Patch137: krb5-1.11.3-prompter2.patch
Patch138: krb5-master-keyring-offsets.patch
Patch139: krb5-master-keyring-expiration.patch
@@ -320,8 +318,6 @@ ln -s NOTICE LICENSE
%patch131 -p1 -b .skew3
%patch134 -p1 -b .kpasswdtest
-%patch136 -p1 -b .prompter1
-%patch137 -p1 -b .prompter2
%patch138 -p1 -b .keyring-offsets
%patch139 -p1 -b .keyring-expiration
@@ -1023,6 +1019,7 @@ exit 0
often give us trouble, too; obsolete
- drop backports for RT#7682
- drop backport for RT#7709
+ - drop backport for RT#7590 and partial backport for RT#7680
* Wed Oct 16 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-26
- create and own /etc/gss (#1019937)