authorNalin Dahyabhai <nalin@fedoraproject.org>2007-08-23 20:50:42 +0000
committerNalin Dahyabhai <nalin@fedoraproject.org>2007-08-23 20:50:42 +0000
commit79f8a98d4fe02e86bd2c92801179efa38c520cdc (patch)
treed46e9b02871792603549d6f0391977d303e35b8b
parent2f7dffc0f30148c0931250984cda881407bb6a6e (diff)
-rw-r--r--krb5-kpasswd_tcp.patch165
-rw-r--r--krb5.spec7
2 files changed, 171 insertions, 1 deletions
diff --git a/krb5-kpasswd_tcp.patch b/krb5-kpasswd_tcp.patch
new file mode 100644
index 0000000..5889463
--- /dev/null
+++ b/krb5-kpasswd_tcp.patch
@@ -0,0 +1,165 @@
+diff -up src/lib/krb5/os/sendto_kdc.c src/lib/krb5/os/sendto_kdc.c
+--- src/lib/krb5/os/sendto_kdc.c 2007-08-09 16:41:58.000000000 -0400
++++ src/lib/krb5/os/sendto_kdc.c 2007-08-09 16:43:38.000000000 -0400
+@@ -54,8 +54,6 @@
+ #endif
+
+ #define MAX_PASS 3
+-#define DEFAULT_UDP_PREF_LIMIT 1465
+-#define HARD_UDP_LIMIT 32700 /* could probably do 64K-epsilon ? */
+
+ #undef DEBUG
+
+diff -up src/lib/krb5/os/os-proto.h src/lib/krb5/os/os-proto.h
+--- src/lib/krb5/os/os-proto.h 2007-08-09 16:42:05.000000000 -0400
++++ src/lib/krb5/os/os-proto.h 2007-08-09 16:42:26.000000000 -0400
+@@ -70,5 +70,7 @@ extern unsigned int krb5_skdc_timeout_sh
+ extern unsigned int krb5_skdc_timeout_1;
+ extern unsigned int krb5_max_dgram_size;
+
++#define DEFAULT_UDP_PREF_LIMIT 1465
++#define HARD_UDP_LIMIT 32700 /* could probably do 64K-epsilon ? */
+
+ #endif /* KRB5_LIBOS_INT_PROTO__ */
+diff -up src/lib/krb5/os/changepw.c src/lib/krb5/os/changepw.c
+--- src/lib/krb5/os/changepw.c 2007-01-26 17:01:06.000000000 -0500
++++ src/lib/krb5/os/changepw.c 2007-08-09 16:42:15.000000000 -0400
+@@ -197,7 +197,8 @@ krb5_change_set_password(krb5_context co
+ {
+ krb5_data chpw_rep;
+ krb5_address remote_kaddr;
+- krb5_boolean useTcp = 0;
++ int sockType;
++ krb5_boolean useTcp[2];
+ GETSOCKNAME_ARG3_TYPE addrlen;
+ krb5_error_code code = 0;
+ char *code_string;
+@@ -206,7 +207,7 @@ krb5_change_set_password(krb5_context co
+ struct sendto_callback_context callback_ctx;
+ struct sendto_callback_info callback_info;
+ struct sockaddr_storage remote_addr;
+- struct addrlist al = ADDRLIST_INIT;
++ struct addrlist al = ADDRLIST_INIT, tmp_al = ADDRLIST_INIT;
+
+ memset( &callback_ctx, 0, sizeof(struct sendto_callback_context));
+ callback_ctx.context = context;
+@@ -225,13 +226,52 @@ krb5_change_set_password(krb5_context co
+ &callback_ctx.ap_req)))
+ goto cleanup;
+
+- do {
+- if ((code = krb5_locate_kpasswd(callback_ctx.context,
+- krb5_princ_realm(callback_ctx.context,
+- creds->server),
+- &al, useTcp)))
+- break;
++ if (!useTcp && context->udp_pref_limit < 0) {
++ int tmp;
++ krb5_error_code retval;
++ retval = profile_get_integer(context->profile,
++ "libdefaults", "udp_preference_limit", 0,
++ DEFAULT_UDP_PREF_LIMIT, &tmp);
++ if (retval)
++ return retval;
++ if (tmp < 0)
++ tmp = DEFAULT_UDP_PREF_LIMIT;
++ else if (tmp > HARD_UDP_LIMIT)
++ /* In the unlikely case that a *really* big value is
++ given, let 'em use as big as we think we can
++ support. */
++ tmp = HARD_UDP_LIMIT;
++ context->udp_pref_limit = tmp;
++ }
++
++ if (callback_ctx.ap_req.length > context->udp_pref_limit) {
++ useTcp[0] = 1;
++ useTcp[1] = 0;
++ } else {
++ useTcp[0] = 0;
++ useTcp[1] = 1;
++ }
+
++ for (sockType = 0;
++ sockType < sizeof(useTcp) / sizeof(useTcp[0]);
++ sockType++) {
++ krb5_locate_kpasswd(callback_ctx.context,
++ krb5_princ_realm(callback_ctx.context,
++ creds->server),
++ &tmp_al, useTcp[sockType]);
++ if (tmp_al.naddrs > 0) {
++ krb5int_grow_addrlist(&al, tmp_al.naddrs);
++ memcpy(al.addrs + al.naddrs, tmp_al.addrs,
++ sizeof(tmp_al.addrs[0]) * tmp_al.naddrs);
++ al.naddrs += tmp_al.naddrs;
++ tmp_al.naddrs = 0;
++ krb5int_free_addrlist (&tmp_al);
++ }
++ }
++
++ if (al.naddrs == 0) {
++ code = KRB5_REALM_CANT_RESOLVE;
++ } else {
+ addrlen = sizeof(remote_addr);
+
+ callback_info.context = (void*) &callback_ctx;
+@@ -247,15 +287,8 @@ krb5_change_set_password(krb5_context co
+ NULL,
+ ss2sa(&remote_addr),
+ &addrlen,
+- NULL
+- ))) {
+-
+- /*
+- * Here we may want to switch to TCP on some errors.
+- * right?
+- */
+- break;
+- }
++ NULL)))
++ goto cleanup;
+
+ remote_kaddr.addrtype = ADDRTYPE_INET;
+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+@@ -265,7 +298,7 @@ krb5_change_set_password(krb5_context co
+ callback_ctx.auth_context,
+ NULL,
+ &remote_kaddr)))
+- break;
++ goto cleanup;
+
+ if (set_password_for)
+ code = krb5int_rd_setpw_rep(callback_ctx.context,
+@@ -280,15 +313,8 @@ krb5_change_set_password(krb5_context co
+ &local_result_code,
+ result_string);
+
+- if (code) {
+- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
+- krb5int_free_addrlist (&al);
+- useTcp = 1;
+- continue;
+- }
+-
+- break;
+- }
++ if (code)
++ goto cleanup;
+
+ if (result_code)
+ *result_code = local_result_code;
+@@ -313,14 +339,7 @@ krb5_change_set_password(krb5_context co
+ }
+ strncpy(result_code_string->data, code_string, result_code_string->length);
+ }
+-
+- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
+- krb5int_free_addrlist (&al);
+- useTcp = 1;
+- } else {
+- break;
+- }
+- } while (TRUE);
++ }
+
+ cleanup:
+ if (callback_ctx.auth_context != NULL)
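Review bot: In the krb5_change_set_password hunk at -225, `if (!useTcp && context->udp_pref_limit < 0)` can never be true now that `useTcp` is `krb5_boolean useTcp[2]`, because an array name used in a condition is a non-null pointer. The profile lookup is therefore skipped, and `callback_ctx.ap_req.length > context->udp_pref_limit` may run against a still-negative limit; if the length field is unsigned, that limit converts to a very large value and UDP is always tried first. The `return retval` inside that block would also bypass the `cleanup:` label once the block becomes reachable. In the new loop the result of `krb5int_grow_addrlist` is ignored before `memcpy` writes to `al.addrs + al.naddrs`, so a failed grow would turn into an out-of-bounds write. The sketch below drops the `!useTcp` test and routes both failures through `cleanup`, on the assumption that the cleanup code, which lies outside the hunk, releases `al`.

```c
    /* useTcp is an array now; only the cached limit decides whether to load it */
    if (context->udp_pref_limit < 0) {
        /* … unchanged: declarations and profile_get_integer() call … */
        if (retval) {
            code = retval;
            goto cleanup;
        }
        /* … unchanged: clamp tmp and store it in context->udp_pref_limit … */
    }

    /* … unchanged: fill useTcp[0]/useTcp[1], loop header, krb5_locate_kpasswd() … */
        if (tmp_al.naddrs > 0) {
            code = krb5int_grow_addrlist(&al, tmp_al.naddrs);
            if (code) {
                /* tmp_al still owns its entries here, so release them normally */
                krb5int_free_addrlist(&tmp_al);
                goto cleanup;
            }
            /* … unchanged: memcpy into al, bump al.naddrs, release tmp_al shell … */
        }
```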
diff --git a/krb5.spec b/krb5.spec
index 050be43..146c4ad 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -14,7 +14,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.2
-Release: 2%{?dist}
+Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -83,6 +83,7 @@ Patch55: krb5-1.6.1-empty.patch
Patch56: krb5-1.6.2-doublelog.patch
Patch57: krb5-1.6.2-login_chdir.patch
Patch58: krb5-1.6.2-key_exp.patch
+Patch59: krb5-kpasswd_tcp.patch
Patch60: krb5-1.6.1-pam.patch
Patch61: krb5-trunk-manpaths.patch
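Review bot: `Patch59: krb5-kpasswd_tcp.patch` is declared here, but the matching line added in the prep hunk at -1203 is `#%patch59 -p0 -b .kpasswd_tcp`, which appears to leave the patch shipped in the source package but not applied. The new changelog entry says only `- rebuild`, so nothing in the spec records that a kpasswd transport change was added or what state it is in. If this is intentional staging (the neighbouring `#%patch56` to `#%patch58` lines are commented out as well), a comment beside the declaration such as `# kpasswd over TCP: declared, application still commented out` and a changelog line naming the patch would make that auditable. If the patch is meant to take effect in this build, the leading `#` on the patch59 line needs to go.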
@@ -204,6 +205,9 @@ installed on systems which are meant provide these services.
%endif
%changelog
+* Thu Aug 23 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-3
+- rebuild
+
* Thu Jul 26 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-2
- kdc.conf: default to listening for TCP clients, too (#248415)
@@ -1203,6 +1207,7 @@ popd
#%patch56 -p1 -b .doublelog
#%patch57 -p1 -b .login_chdir
#%patch58 -p1 -b .key_exp
+#%patch59 -p0 -b .kpasswd_tcp
cp src/krb524/README README.krb524
gzip doc/*.ps