Drop backport for RT#7598

author: Nalin Dahyabhai <nalin@dahyabhai.net> 2013-10-15 16:50:37 -0400
committer: Nalin Dahyabhai <nalin@dahyabhai.net> 2013-11-19 17:32:19 -0500
commit: bd8c46afd26e166f11b938e8b77921953f850c83 (patch)
tree: b280d9d237afc8a8a169f61bea9e31a57ef31154
parent: 286168174b524d3dc57739522217f1fa24e6727d (diff)
download: krb5-bd8c46afd26e166f11b938e8b77921953f850c83.tar.gz
krb5-bd8c46afd26e166f11b938e8b77921953f850c83.tar.xz
krb5-bd8c46afd26e166f11b938e8b77921953f850c83.zip
2 files changed, 1 insertions, 133 deletions
diff --git a/krb5-1.11-gss-client-keytab.patch b/krb5-1.11-gss-client-keytab.patch
deleted file mode 100644
index 3c1e964..0000000
--- a/krb5-1.11-gss-client-keytab.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-Originally http://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?h=gss_cs&id=a3b9bf20df1d976775ed929d8cb5f4844e03b1bf
-
-commit a3b9bf20df1d976775ed929d8cb5f4844e03b1bf
-Author: Simo Sorce <simo@redhat.com>
-Date:   Thu Mar 28 12:53:01 2013 -0400
-
-    Add support for client keytab from cred store
-    
-    The new credential store extensions added support for specifying a
-    specific ccache name and also a specific keytab to be used for accepting
-    security contexts, but did not add a way to specify a client keytab
-    to be used in conjunction with the Keytab initiation support added also
-    in 1.11
-    
-    This patch introduces a new URN named client_keytab through which a
-    specific client_keytab can be set when calling gss_acquire_cred_from()
-    and Keytab Initiation will use that keytab to initialize credentials.
-
-diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
-index 4d499e4..8540bf3 100644
---- a/src/lib/gssapi/krb5/acquire_cred.c
-+++ b/src/lib/gssapi/krb5/acquire_cred.c
-@@ -636,6 +636,7 @@ acquire_init_cred(krb5_context context,
-                   OM_uint32 *minor_status,
-                   krb5_ccache req_ccache,
-                   gss_buffer_t password,
-+                  krb5_keytab client_keytab,
-                   krb5_gss_cred_id_rec *cred)
- {
-     krb5_error_code code;
-@@ -659,9 +660,13 @@ acquire_init_cred(krb5_context context,
-             goto error;
-     }
- 
--    code = krb5_kt_client_default(context, &cred->client_keytab);
--    if (code)
--        goto error;
-+    if (client_keytab != NULL)
-+        cred->client_keytab = client_keytab;
-+    else {
-+        code = krb5_kt_client_default(context, &cred->client_keytab);
-+        if (code)
-+            goto error;
-+    }
- 
-     if (password != GSS_C_NO_BUFFER) {
-         pwdata = make_data(password->value, password->length);
-@@ -719,8 +724,9 @@ static OM_uint32
- acquire_cred_context(krb5_context context, OM_uint32 *minor_status,
-                      gss_name_t desired_name, gss_buffer_t password,
-                      OM_uint32 time_req, gss_cred_usage_t cred_usage,
--                     krb5_ccache ccache, krb5_keytab keytab,
--                     krb5_boolean iakerb, gss_cred_id_t *output_cred_handle,
-+                     krb5_ccache ccache, krb5_keytab client_keytab,
-+                     krb5_keytab keytab, krb5_boolean iakerb,
-+                     gss_cred_id_t *output_cred_handle,
-                      OM_uint32 *time_rec)
- {
-     krb5_gss_cred_id_t cred = NULL;
-@@ -787,7 +793,8 @@ acquire_cred_context(krb5_context context, OM_uint32 *minor_status,
-      * in cred->name if it wasn't set above.
-      */
-     if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
--        ret = acquire_init_cred(context, minor_status, ccache, password, cred);
-+        ret = acquire_init_cred(context, minor_status, ccache, password,
-+                                client_keytab, cred);
-         if (ret != GSS_S_COMPLETE)
-             goto error_out;
-     }
-@@ -864,8 +871,8 @@ acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name,
-     }
- 
-     ret = acquire_cred_context(context, minor_status, desired_name, password,
--                               time_req, cred_usage, ccache, keytab, iakerb,
--                               output_cred_handle, time_rec);
-+                               time_req, cred_usage, ccache, NULL, keytab,
-+                               iakerb, output_cred_handle, time_rec);
- 
- out:
-     krb5_free_context(context);
-@@ -1130,6 +1137,7 @@ krb5_gss_acquire_cred_from(OM_uint32 *minor_status,
- {
-     krb5_context context = NULL;
-     krb5_error_code code = 0;
-+    krb5_keytab client_keytab = NULL;
-     krb5_keytab keytab = NULL;
-     krb5_ccache ccache = NULL;
-     const char *value;
-@@ -1162,6 +1170,19 @@ krb5_gss_acquire_cred_from(OM_uint32 *minor_status,
-         }
-     }
- 
-+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_CLI_KEYTAB_URN, &value);
-+    if (GSS_ERROR(ret))
-+        goto out;
-+
-+    if (value) {
-+        code = krb5_kt_resolve(context, value, &client_keytab);
-+        if (code != 0) {
-+            *minor_status = code;
-+            ret = GSS_S_CRED_UNAVAIL;
-+            goto out;
-+        }
-+    }
-+
-     ret = kg_value_from_cred_store(cred_store, KRB5_CS_KEYTAB_URN, &value);
-     if (GSS_ERROR(ret))
-         goto out;
-@@ -1176,8 +1197,8 @@ krb5_gss_acquire_cred_from(OM_uint32 *minor_status,
-     }
- 
-     ret = acquire_cred_context(context, minor_status, desired_name, NULL,
--                               time_req, cred_usage, ccache, keytab, 0,
--                               output_cred_handle, time_rec);
-+                               time_req, cred_usage, ccache, client_keytab,
-+                               keytab, 0, output_cred_handle, time_rec);
- 
- out:
-     if (ccache != NULL)
-diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
-index 8215b10..310ff58 100644
---- a/src/lib/gssapi/krb5/gssapiP_krb5.h
-+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
-@@ -1227,6 +1227,7 @@ data_to_gss(krb5_data *input_k5data, gss_buffer_t output_buffer)
- 
- /* Credential store extensions */
- 
-+#define KRB5_CS_CLI_KEYTAB_URN "client_keytab"
- #define KRB5_CS_KEYTAB_URN "keytab"
- #define KRB5_CS_CCACHE_URN "ccache"
- 
diff --git a/krb5.spec b/krb5.spec
index 1446c98..502910f 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -88,7 +88,6 @@ Patch63: krb5-1.12-selinux-label.patch
 Patch71: krb5-1.11-dirsrv-accountlock.patch
 Patch86: krb5-1.9-debuginfo.patch
 Patch105: krb5-kvno-230379.patch
-Patch117: krb5-1.11-gss-client-keytab.patch
 Patch121: krb5-cccol-primary.patch
 Patch123: krb5-1.11.2-empty_passwords.patch
 Patch124: krb5-1.11.2-arcfour_short.patch
@@ -320,7 +319,6 @@ ln -s NOTICE LICENSE
 %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
 %patch86 -p0 -b .debuginfo
 %patch105 -p1 -b .kvno
-%patch117 -p1 -b .gss-client-keytab
 %patch121 -p1 -b .cccol-primary
 %patch123 -p1 -b .empty_passwords
 %patch124 -p1 -b .arcfour_short
@@ -1032,6 +1030,7 @@ exit 0
   - drop backport for RT#7689
   - drop obsolete patch for fixing a use-before-init in a test program
   - drop obsolete patch teaching config.guess/config.sub about aarch64-linux
+  - drop backport for RT#7598
 
 * Wed Oct 16 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-26
 - create and own /etc/gss (#1019937)
author	Nalin Dahyabhai <nalin@dahyabhai.net>	2013-10-15 16:50:37 -0400
committer	Nalin Dahyabhai <nalin@dahyabhai.net>	2013-11-19 17:32:19 -0500
commit	bd8c46afd26e166f11b938e8b77921953f850c83 (patch)
tree	b280d9d237afc8a8a169f61bea9e31a57ef31154
parent	286168174b524d3dc57739522217f1fa24e6727d (diff)
download	krb5-bd8c46afd26e166f11b938e8b77921953f850c83.tar.gz krb5-bd8c46afd26e166f11b938e8b77921953f850c83.tar.xz krb5-bd8c46afd26e166f11b938e8b77921953f850c83.zip