rpms/gssproxy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix default proxymech documentation and fix LOCAL_FIRST implementation

Browse Source 
resolves: https://fedorahosted.org/gss-proxy/ticket/105
This commit is contained in:
Günther Deschner 2013-10-18 14:42:12 +02:00
parent badaf55b6f
commit 736164870b
3 changed files with 127 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
0001-Fix-LOCAL_FIRST-behavior.patch Normal file
View File

@ -0,0 +1,79 @@
From b73a9a18cb2df0b39c30d3e03c66d2f24ec3f57d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 15 Oct 2013 15:45:59 -0400
Subject: [PATCH 1/2] Fix LOCAL_FIRST behavior
We were erroneously returning and never falling back if LOCAL_FIRST was
selected. Correct also the remote first fallback flow.
Resolves: https://fedorahosted.org/gss-proxy/ticket/105
---
proxy/src/mechglue/gpp_acquire_cred.c | 39 +++++++++++++++++------------------
1 file changed, 19 insertions(+), 20 deletions(-)
diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
index a3290dd72ae2d97eaa05f250a4d2dd96824abebf..fb80677eed4680470e21b820633e87b94f36d6cc 100644
--- a/proxy/src/mechglue/gpp_acquire_cred.c
+++ b/proxy/src/mechglue/gpp_acquire_cred.c
@@ -109,7 +109,7 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage,
out_cred_handle, actual_mechs, time_rec);
- if (maj != GSS_S_NO_CRED || behavior != GPP_LOCAL_FIRST) {
+ if (maj == GSS_S_COMPLETE || behavior == GPP_LOCAL_ONLY) {
goto done;
}
@@ -119,31 +119,30 @@ OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
}
/* Then try with remote */
- if (behavior == GPP_REMOTE_ONLY || behavior == GPP_REMOTE_FIRST) {
-
- if (name && name->local && !name->remote) {
- maj = gpp_local_to_name(&min, name->local, &name->remote);
- if (maj) {
- goto done;
- }
- }
-
- maj = gpm_acquire_cred(&min,
- name ? name->remote : NULL,
- time_req,
- desired_mechs,
- cred_usage,
- &out_cred_handle->remote,
- actual_mechs,
- time_rec);
- if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) {
+ if (name && name->local && !name->remote) {
+ maj = gpp_local_to_name(&min, name->local, &name->remote);
+ if (maj) {
goto done;
}
+ }
+ maj = gpm_acquire_cred(&min,
+ name ? name->remote : NULL,
+ time_req,
+ desired_mechs,
+ cred_usage,
+ &out_cred_handle->remote,
+ actual_mechs,
+ time_rec);
+ if (maj == GSS_S_COMPLETE || behavior == GPP_REMOTE_ONLY) {
+ goto done;
+ }
+
+ if (behavior == GPP_REMOTE_FIRST) {
/* So remote failed, but we can fallback to local, try that */
maj = acquire_local(&min, name, time_req, desired_mechs, cred_usage,
out_cred_handle, actual_mechs, time_rec);
- }
+ }
done:
if (maj != GSS_S_COMPLETE &&
--
1.8.3.1

39
0002-Fix-documentation-to-match-reality.patch Normal file
View File

@ -0,0 +1,39 @@
From 788132ea70522663efab652d8653e1eaa8819822 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 15 Oct 2013 15:48:04 -0400
Subject: [PATCH 2/2] Fix documentation to match reality
LOCAL_FIRST is our default
---
proxy/man/gssproxy-mech.8.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/proxy/man/gssproxy-mech.8.xml b/proxy/man/gssproxy-mech.8.xml
index b2d008cc8990c214027d2104bf72da776faf1b82..2249ced68af410d9f444ca479df1827712898354 100644
--- a/proxy/man/gssproxy-mech.8.xml
+++ b/proxy/man/gssproxy-mech.8.xml
@@ -74,10 +74,7 @@
<para>All commands received with this setting will cause
to immediately reenter the GSSAPI w/o any interaction
with the gssproxy daemon. When the request cannot be
- processed it will just fail. This is the default
- behavior when the
- <emphasis>GSSPROXY_BEHAVIOR</emphasis> environment
- variable is not set at all.
+ processed it will just fail.
</para>
</listitem>
</varlistentry>
@@ -88,6 +85,9 @@
to immediately reenter the GSSAPI. When the local
GSSAPI cannot process the request, it will resend the
request to the gssproxy daemon.
+ This is the default behavior when the
+ <emphasis>GSSPROXY_BEHAVIOR</emphasis> environment
+ variable is not set.
</para>
</listitem>
</varlistentry>
--
1.8.3.1

10
gssproxy.spec
View File

@ -1,6 +1,6 @@
Name: gssproxy
Version: 0.2.3
Release: 7%{?dist}
Release: 8%{?dist}
Summary: GSSAPI Proxy
Group: System Environment/Libraries
@ -9,6 +9,8 @@ URL: http://fedorahosted.org/gss-proxy
Source0: http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch0: gssproxy-conf.patch
Patch1: 0001-Fix-LOCAL_FIRST-behavior.patch
Patch2: 0002-Fix-documentation-to-match-reality.patch
%global servicename gssproxy
%global pubconfpath %{_sysconfdir}/gssproxy
@ -54,6 +56,8 @@ A proxy for GSSAPI credential handling
%setup -q
%patch0 -p2 -b .gssproxy_conf
%patch1 -p2 -b .gpp_default_behavior
%patch2 -p2 -b .gpp_default_behavior_doc
%build
autoreconf -f -i
@ -106,6 +110,10 @@ rm -rf %{buildroot}
%systemd_postun_with_restart gssproxy.service
%changelog
* Fri Oct 18 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-8
- Fix default proxymech documentation and fix LOCAL_FIRST implementation
- resolves: https://fedorahosted.org/gss-proxy/ticket/105
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild