diff options
author | Nalin Dahyabhai <nalin@redhat.com> | 2014-09-05 17:51:35 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2014-09-05 18:18:58 -0400 |
commit | 888bc144da94c9bf8d2c35ab38868e748c059de3 (patch) | |
tree | 75f2892ca8e4b049bbdce82ffd200cf66dea81bc /krb5-1.10-kpasswd_tcp.patch | |
parent | f69697ba82697909efed00f34c51901f881e1989 (diff) | |
download | krb5-888bc144da94c9bf8d2c35ab38868e748c059de3.tar.gz krb5-888bc144da94c9bf8d2c35ab38868e748c059de3.tar.xz krb5-888bc144da94c9bf8d2c35ab38868e748c059de3.zip |
Add HTTPS patches from masterkrb5-1.12.2-6.fc21
Pull in a stack of patches to add support for accessing servers via
HTTPS proxies, such as python-kdcproxy or the KDC Proxy Service on a
properly-outfitted Windows box. Pull in the patch to move the logic out
of libkrb5 proper and into a loadable plugin to avoid linking our local
applications against our libkrb5 against libssl against the installed
copy of libgssapi_krb5 and our local libkrb5support. Adjust a couple of
other patches to apply correctly after them.
Diffstat (limited to 'krb5-1.10-kpasswd_tcp.patch')
-rw-r--r-- | krb5-1.10-kpasswd_tcp.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/krb5-1.10-kpasswd_tcp.patch b/krb5-1.10-kpasswd_tcp.patch deleted file mode 100644 index fd8da8e..0000000 --- a/krb5-1.10-kpasswd_tcp.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fall back to TCP on kdc-unresolvable/unreachable errors. We still have -to wait for UDP to fail, so this might not be ideal. RT #5868. - ---- krb5/src/lib/krb5/os/changepw.c -+++ krb5/src/lib/krb5/os/changepw.c -@@ -270,10 +270,22 @@ change_set_password(krb5_context context - &callback_info, &chpw_rep, ss2sa(&remote_addr), - &addrlen, NULL, NULL, NULL); - if (code) { -- /* -- * Here we may want to switch to TCP on some errors. -- * right? -- */ -+ /* if we're not using a stream socket, and it's an error which -+ * might reasonably be specific to a datagram "connection", try -+ * again with a stream socket */ -+ if (!use_tcp) { -+ switch (code) { -+ case KRB5_KDC_UNREACH: -+ case KRB5_REALM_CANT_RESOLVE: -+ case KRB5KRB_ERR_RESPONSE_TOO_BIG: -+ /* should we do this for more result codes than these? */ -+ k5_free_serverlist (&sl); -+ use_tcp = 1; -+ continue; -+ default: -+ break; -+ } -+ } - break; - } - |