From b4a8dd811a9a9d208fe0b342985f4636a5cd9916 Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Mon, 3 Apr 2023 15:30:43 +0200 Subject: [PATCH] Add an option for minimum lifetime * Remove unused patch files * Fix date typographical error in changelog Resolves: rhbz#2184333 
Signed-off-by: Julien Rische --- 0001-Add-an-option-for-minimum-lifetime.patch | 139 +++++++++++ ...ciphertext-data-in-gp_encrypt_buffer.patch | 31 --- ...special-mechs-in-gss_mech_interposer.patch | 33 --- ...y-allocation-in-gpm_inquire_mechs_fo.patch | 56 ----- Document-config-file-non-merging.patch | 29 --- ...lobal-static-mechs-to-conform-to-SPI.patch | 217 ------------------ ...-of-mech-OID-in-gssi_inquire_context.patch | 26 --- Fix-leaks-in-our-test-suite-itself.patch | 156 ------------- ...erposed-mech-list-without-allocation.patch | 92 -------- Initialize-our-epoll_event-structures.patch | 37 --- ...e-to-free-also-the-remote-ctx-struct.patch | 27 --- Return-static-oids-for-naming-functions.patch | 156 ------------- Use-static-OIDs-in-gss_inquire_context.patch | 30 --- ...orrect-function-to-free-unused-creds.patch | 39 ---- gssproxy.spec | 11 +- 15 files changed, 148 insertions(+), 931 deletions(-) create mode 100644 0001-Add-an-option-for-minimum-lifetime.patch delete mode 100644 Always-free-ciphertext-data-in-gp_encrypt_buffer.patch delete mode 100644 Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch delete mode 100644 Avoid-unnecessary-allocation-in-gpm_inquire_mechs_fo.patch delete mode 100644 Document-config-file-non-merging.patch delete mode 100644 Expand-use-of-global-static-mechs-to-conform-to-SPI.patch delete mode 100644 Fix-leak-of-mech-OID-in-gssi_inquire_context.patch delete mode 100644 Fix-leaks-in-our-test-suite-itself.patch delete mode 100644 Initialize-interposed-mech-list-without-allocation.patch delete mode 100644 Initialize-our-epoll_event-structures.patch delete mode 100644 Make-sure-to-free-also-the-remote-ctx-struct.patch delete mode 100644 Return-static-oids-for-naming-functions.patch delete mode 100644 Use-static-OIDs-in-gss_inquire_context.patch delete mode 100644 Use-the-correct-function-to-free-unused-creds.patch 
diff --git a/0001-Add-an-option-for-minimum-lifetime.patch b/0001-Add-an-option-for-minimum-lifetime.patch
new file mode 100644
index 0000000..002cc76
--- /dev/null
+++ b/0001-Add-an-option-for-minimum-lifetime.patch
@@ -0,0 +1,139 @@ +From 7945bd756c5e41ec223c058b2c698809f04f3c77 Mon Sep 17 00:00:00 2001 +From: Scott Mayhew +Date: Thu, 2 Sep 2021 12:44:27 -0400 +Subject: [PATCH] Add an option for minimum lifetime + +It's possible for gssproxy to return a cached credential with a very +small remaining lifetime. This can be problematic for NFS clients since +it requires a round trip to the NFS server to establish a GSS context. +Add a min_lifetime option that represents the lowest value that the +lifetime of the cached credential can be. Any lower than that, and +gp_check_cred() returns GSS_S_CREDENTIALS_EXPIRED, so that +gp_add_krb5_creds() is forced to try to obtain a new credential. + +Signed-off-by: Scott Mayhew +--- + examples/99-nfs-client.conf.in | 1 + + man/gssproxy.conf.5.xml | 15 +++++++++++++++ + src/gp_config.c | 12 ++++++++++++ + src/gp_creds.c | 12 ++++++++++-- + src/gp_proxy.h | 1 + + 5 files changed, 39 insertions(+), 2 deletions(-) + +diff --git a/examples/99-nfs-client.conf.in b/examples/99-nfs-client.conf.in +index c0985d9..9dd1891 100644 +--- a/examples/99-nfs-client.conf.in ++++ b/examples/99-nfs-client.conf.in +@@ -7,3 +7,4 @@ + allow_any_uid = yes + trusted = yes + euid = 0 ++ min_lifetime = 60 +diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml +index 67dce68..f02b1d3 100644 +--- a/man/gssproxy.conf.5.xml ++++ b/man/gssproxy.conf.5.xml +@@ -331,6 +331,21 @@ + + + ++ ++ min_lifetime (integer) ++ ++ Minimum lifetime of a cached credential, in seconds. ++ If non-zero, when gssproxy is deciding whether to use ++ a cached credential, it will compare the lifetime of the ++ cached credential to this value. If the lifetime of the ++ cached credential is lower, gssproxy will treat the cached ++ credential as expired and will attempt to obtain a new ++ credential. 
++ ++ Default: min_lifetime = 15 ++ ++ ++ + + program (string) + +diff --git a/src/gp_config.c b/src/gp_config.c +index 88d5f29..6a6aa90 100644 +--- a/src/gp_config.c ++++ b/src/gp_config.c +@@ -32,6 +32,7 @@ struct gp_flag_def flag_names[] = { + + #define DEFAULT_FILTERED_FLAGS GSS_C_DELEG_FLAG + #define DEFAULT_ENFORCED_FLAGS 0 ++#define DEFAULT_MIN_LIFETIME 15 + + static void free_str_array(const char ***a, int *count) + { +@@ -538,6 +539,17 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx) + goto done; + } + } ++ ++ cfg->svcs[n]->min_lifetime = DEFAULT_MIN_LIFETIME; ++ ret = gp_config_get_int(ctx, secname, "min_lifetime", &valnum); ++ if (ret == 0) { ++ if (valnum >= 0) { ++ cfg->svcs[n]->min_lifetime = valnum; ++ } else { ++ GPDEBUG("Invalid value '%d' for min_lifetime in [%s], ignoring.\n", ++ valnum, secname); ++ } ++ } + } + safefree(secname); + } +diff --git a/src/gp_creds.c b/src/gp_creds.c +index 92a6f13..843d1a3 100644 +--- a/src/gp_creds.c ++++ b/src/gp_creds.c +@@ -492,6 +492,7 @@ done: + } + + static uint32_t gp_check_cred(uint32_t *min, ++ struct gp_service *svc, + gss_cred_id_t in_cred, + gssx_name *desired_name, + gss_cred_usage_t cred_usage) +@@ -563,7 +564,14 @@ static uint32_t gp_check_cred(uint32_t *min, + if (lifetime == 0) { + ret_maj = GSS_S_CREDENTIALS_EXPIRED; + } else { +- ret_maj = GSS_S_COMPLETE; ++ if (svc->min_lifetime && lifetime < svc->min_lifetime) { ++ GPDEBUG("%s: lifetime (%u) less than min_lifetime (%u) " ++ "for service \"%s\" - returning\n", ++ __func__, lifetime, svc->min_lifetime, svc->name); ++ ret_maj = GSS_S_CREDENTIALS_EXPIRED; ++ } else { ++ ret_maj = GSS_S_COMPLETE; ++ } + } + + done: +@@ -622,7 +630,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min, + * function completely */ + + /* just check if it is a valid krb5 cred */ +- ret_maj = gp_check_cred(&ret_min, in_cred, desired_name, cred_usage); ++ ret_maj = gp_check_cred(&ret_min, gpcall->service, in_cred, desired_name, cred_usage); + if 
(ret_maj == GSS_S_COMPLETE) { + return GSS_S_COMPLETE; + } else if (ret_maj == GSS_S_CREDENTIALS_EXPIRED || +diff --git a/src/gp_proxy.h b/src/gp_proxy.h +index 3f58a43..f56d640 100644 +--- a/src/gp_proxy.h ++++ b/src/gp_proxy.h +@@ -45,6 +45,7 @@ struct gp_service { + gss_cred_usage_t cred_usage; + uint32_t filter_flags; + uint32_t enforce_flags; ++ uint32_t min_lifetime; + char *program; + + uint32_t mechs; +-- +2.39.2 + diff --git a/Always-free-ciphertext-data-in-gp_encrypt_buffer.patch b/Always-free-ciphertext-data-in-gp_encrypt_buffer.patch deleted file mode 100644 index a71ba45..0000000 --- a/Always-free-ciphertext-data-in-gp_encrypt_buffer.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d9a37354c9a040b151fbd737b84b7cacb315ec9d Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 27 Aug 2020 15:35:40 -0400 -Subject: [PATCH] Always free ciphertext data in gp_encrypt_buffer - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: rewrote commit message] -Reviewed-by: Robbie Harwood -(cherry picked from commit fe9e3c29caab90daf19028fb31ff28622d8708a9) ---- - src/gp_export.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/gp_export.c b/src/gp_export.c -index a5681c0..fb2f81b 100644 ---- a/src/gp_export.c -+++ b/src/gp_export.c -@@ -308,10 +308,9 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key, - ret = gp_conv_octet_string(enc_handle.ciphertext.length, - enc_handle.ciphertext.data, - out); -- if (ret) { -- free(enc_handle.ciphertext.data); -- goto done; -- } -+ /* the conversion function copies the data, so free our copy -+ * unconditionally, or we leak */ -+ free(enc_handle.ciphertext.data); - - done: - free(padded); diff --git a/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch b/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch deleted file mode 100644 index b29e948..0000000 --- a/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch +++ /dev/null 
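Review bot: In the src/gp_config.c part of the added patch, a min_lifetime value that fails to parse or is negative never surfaces to the administrator: any non-zero return from gp_config_get_int() is dropped without a message and the negative case is reported only through GPDEBUG, so the service quietly runs with the default of 15 seconds. Since this setting decides when a cached credential is treated as expired, I would log the rejected value at error level and, if gp_config_get_int() distinguishes "option absent" from other failures (its body is not visible here), handle the other failures the way the preceding option does with `goto done;`. There is also no upper bound; a value above the lifetime the KDC actually issues would presumably make every cached credential fail the `lifetime < svc->min_lifetime` test in gp_check_cred() and force a fresh acquisition on each call, which is worth a sentence in the man page text. The debug message in gp_check_cred() ends in "- returning" without saying what is returned; `"for service \"%s\" - treating credential as expired\n"` would be clearer. load_services() and gp_check_cred() both begin and end outside the inner hunks shown.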
@@ -1,33 +0,0 @@ -From 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 31 Jul 2020 13:23:30 -0400 -Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer() - -Signed-off-by: Robbie Harwood -(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8) ---- - src/mechglue/gss_plugin.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c -index 69a9644..9ce3e15 100644 ---- a/src/mechglue/gss_plugin.c -+++ b/src/mechglue/gss_plugin.c -@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) - gss_OID_set interposed_mechs; - OM_uint32 maj, min; - char *envval; -+ gss_OID_set special_mechs; - - /* avoid looping in the gssproxy daemon by avoiding to interpose - * any mechanism */ -@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) - } - - /* while there also initiaize special_mechs */ -- (void)gpp_special_available_mechs(interposed_mechs); -+ special_mechs = gpp_special_available_mechs(interposed_mechs); -+ (void)gss_release_oid_set(&min, &special_mechs); - - done: - if (maj != 0) { diff --git a/Avoid-unnecessary-allocation-in-gpm_inquire_mechs_fo.patch b/Avoid-unnecessary-allocation-in-gpm_inquire_mechs_fo.patch deleted file mode 100644 index d5973b5..0000000 --- a/Avoid-unnecessary-allocation-in-gpm_inquire_mechs_fo.patch +++ /dev/null 
@@ -1,56 +0,0 @@ -From ebd66fbf42887220a0ff38cfea03a7b20fa4da17 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 27 Aug 2020 17:20:44 -0400 -Subject: [PATCH] Avoid unnecessary allocation in gpm_inquire_mechs_for_name() - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: clarified commit message] -Reviewed-by: Robbie Harwood -(cherry picked from commit c0561c078bc22b9523ac25f515ad85b735c26a92) ---- - src/client/gpm_indicate_mechs.c | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/client/gpm_indicate_mechs.c b/src/client/gpm_indicate_mechs.c -index 4041dcd..73fadf0 100644 ---- a/src/client/gpm_indicate_mechs.c -+++ b/src/client/gpm_indicate_mechs.c -@@ -390,7 +390,7 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status, - uint32_t ret_min; - uint32_t ret_maj; - uint32_t discard; -- gss_OID name_type = GSS_C_NO_OID; -+ gss_OID_desc name_type; - int present; - - if (!minor_status) { -@@ -407,19 +407,14 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status, - return GSS_S_FAILURE; - } - -- ret_min = gp_conv_gssx_to_oid_alloc(&input_name->name_type, &name_type); -- if (ret_min) { -- ret_maj = GSS_S_FAILURE; -- goto done; -- } -- - ret_maj = gss_create_empty_oid_set(&ret_min, mech_types); - if (ret_maj) { - goto done; - } - -+ gp_conv_gssx_to_oid(&input_name->name_type, &name_type); - for (unsigned i = 0; i < global_mechs.info_len; i++) { -- ret_maj = gss_test_oid_set_member(&ret_min, name_type, -+ ret_maj = gss_test_oid_set_member(&ret_min, &name_type, - global_mechs.info[i].name_types, - &present); - if (ret_maj) { -@@ -437,7 +432,6 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status, - } - - done: -- gss_release_oid(&discard, &name_type); - if (ret_maj) { - gss_release_oid_set(&discard, mech_types); - *minor_status = ret_min; diff --git a/Document-config-file-non-merging.patch b/Document-config-file-non-merging.patch deleted file mode 100644 index d209430..0000000 
--- a/Document-config-file-non-merging.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2592d32c5c6d39f30dc0bfdb78b5c292ed0af2ae Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 10 Jun 2020 15:50:36 -0400 -Subject: [PATCH] Document config file non-merging - -Merges: #4 -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -(cherry picked from commit a05b876badd52ba99d95c981f5f8b0e50de28c63) ---- - man/gssproxy.conf.5.xml | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml -index 04059a8..5e240ab 100644 ---- a/man/gssproxy.conf.5.xml -+++ b/man/gssproxy.conf.5.xml -@@ -37,7 +37,10 @@ - of the form "##-foo.conf" (that is, start with two numbers - followed by a dash, and end in ".conf"). Files not conforming to - this will be ignored unless specifically requested through command -- line parameters. -+ line parameters. Within a single file, any duplicate values or -+ sections will be merged. Across multiple files, duplicates will -+ generate a warning, and the first value encountered will take -+ precedence (i.e., there is no merging). - - - diff --git a/Expand-use-of-global-static-mechs-to-conform-to-SPI.patch b/Expand-use-of-global-static-mechs-to-conform-to-SPI.patch deleted file mode 100644 index 720832e..0000000 --- a/Expand-use-of-global-static-mechs-to-conform-to-SPI.patch +++ /dev/null 
@@ -1,217 +0,0 @@ -From b7ccb627f4663ca949e3483486478add8f61cb27 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 27 Aug 2020 11:34:45 -0400 -Subject: [PATCH] Expand use of global static mechs to conform to SPI - -GSSAPI requires some specific APIs to return "static" OIDs that the user -does not have to free. The krb5 mechglue in fact requires mechanisms to -also honor this or the mech oid will be irretrievably leaked in some -cases. - -To accomodate this, expand use of global mechs structure we already -allocate for the gss_inidicate_mechs case so we can return "static" OIDs -from calls like ISC and ASC. - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: commit message fixups] -Reviewed-by: Robbie Harwood -(cherry picked from commit a3f13b30ef3c90ff7344c3913f6e26e55b82451f) ---- - src/client/gpm_accept_sec_context.c | 22 ++++++------------- - src/client/gpm_common.c | 1 - - src/client/gpm_indicate_mechs.c | 34 +++++++++++++++++++++++++++++ - src/client/gpm_init_sec_context.c | 19 +++++----------- - src/client/gssapi_gpm.h | 3 +++ - src/mechglue/gss_plugin.c | 5 +++++ - 6 files changed, 55 insertions(+), 29 deletions(-) - -diff --git a/src/client/gpm_accept_sec_context.c b/src/client/gpm_accept_sec_context.c -index ef5e79c..ab20b03 100644 ---- a/src/client/gpm_accept_sec_context.c -+++ b/src/client/gpm_accept_sec_context.c -@@ -21,7 +21,6 @@ OM_uint32 gpm_accept_sec_context(OM_uint32 *minor_status, - gssx_res_accept_sec_context *res = &ures.accept_sec_context; - gssx_ctx *ctx = NULL; - gssx_name *name = NULL; -- gss_OID_desc *mech = NULL; - gss_buffer_t outbuf = NULL; - uint32_t ret_maj; - int ret; -@@ -70,15 +69,6 @@ OM_uint32 gpm_accept_sec_context(OM_uint32 *minor_status, - goto done; - } - -- if (mech_type) { -- if (res->status.mech.octet_string_len) { -- ret = gp_conv_gssx_to_oid_alloc(&res->status.mech, &mech); -- if (ret) { -- goto done; -- } -- } -- } -- - ctx = res->context_handle; - /* we are stealing the delegated creds on success, so we do not 
want - * it to be freed by xdr_free */ -@@ -101,8 +91,14 @@ OM_uint32 gpm_accept_sec_context(OM_uint32 *minor_status, - } - - if (mech_type) { -- *mech_type = mech; -+ gss_OID_desc mech; -+ gp_conv_gssx_to_oid(&res->status.mech, &mech); -+ ret = gpm_mech_to_static(&mech, mech_type); -+ if (ret) { -+ goto done; -+ } - } -+ - if (src_name) { - *src_name = name; - } -@@ -145,10 +141,6 @@ done: - xdr_free((xdrproc_t)xdr_gssx_name, (char *)name); - free(name); - } -- if (mech) { -- free(mech->elements); -- free(mech); -- } - if (outbuf) { - free(outbuf->value); - free(outbuf); -diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c -index 786a77b..820243e 100644 ---- a/src/client/gpm_common.c -+++ b/src/client/gpm_common.c -@@ -799,4 +799,3 @@ void gpm_free_xdrs(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) - xdr_free(gpm_xdr_set[proc].arg_fn, (char *)arg); - xdr_free(gpm_xdr_set[proc].res_fn, (char *)res); - } -- -diff --git a/src/client/gpm_indicate_mechs.c b/src/client/gpm_indicate_mechs.c -index b019a96..86c7de3 100644 ---- a/src/client/gpm_indicate_mechs.c -+++ b/src/client/gpm_indicate_mechs.c -@@ -300,6 +300,40 @@ static int gpmint_init_global_mechs(void) - return 0; - } - -+/* GSSAPI requires some APIs to return "static" mechs that callers do not need -+ * to free. 
So match a radom mech and return from our global "static" array */ -+int gpm_mech_to_static(gss_OID mech_type, gss_OID *mech_static) -+{ -+ int ret; -+ -+ ret = gpmint_init_global_mechs(); -+ if (ret) { -+ return ret; -+ } -+ -+ *mech_static = GSS_C_NO_OID; -+ for (size_t i = 0; i < global_mechs.mech_set->count; i++) { -+ if (gpm_equal_oids(&global_mechs.mech_set->elements[i], mech_type)) { -+ *mech_static = &global_mechs.mech_set->elements[i]; -+ return 0; -+ } -+ } -+ /* TODO: potentially in future add the mech to the list if missing */ -+ return ENOENT; -+} -+ -+bool gpm_mech_is_static(gss_OID mech_type) -+{ -+ if (global_mechs.mech_set) { -+ for (size_t i = 0; i < global_mechs.mech_set->count; i++) { -+ if (&global_mechs.mech_set->elements[i] == mech_type) { -+ return true; -+ } -+ } -+ } -+ return false; -+} -+ - OM_uint32 gpm_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set) - { - uint32_t ret_min; -diff --git a/src/client/gpm_init_sec_context.c b/src/client/gpm_init_sec_context.c -index bea2010..b84ff94 100644 ---- a/src/client/gpm_init_sec_context.c -+++ b/src/client/gpm_init_sec_context.c -@@ -43,7 +43,6 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status, - gssx_arg_init_sec_context *arg = &uarg.init_sec_context; - gssx_res_init_sec_context *res = &ures.init_sec_context; - gssx_ctx *ctx = NULL; -- gss_OID_desc *mech = NULL; - gss_buffer_t outbuf = NULL; - uint32_t ret_maj = GSS_S_COMPLETE; - uint32_t ret_min = 0; -@@ -100,11 +99,12 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status, - - /* return values */ - if (actual_mech_type) { -- if (res->status.mech.octet_string_len) { -- ret = gp_conv_gssx_to_oid_alloc(&res->status.mech, &mech); -- if (ret) { -- goto done; -- } -+ gss_OID_desc mech; -+ gp_conv_gssx_to_oid(&res->status.mech, &mech); -+ ret = gpm_mech_to_static(&mech, actual_mech_type); -+ if (ret) { -+ gpm_save_internal_status(ret, gp_strerror(ret)); -+ goto done; - } - } - -@@ -151,9 +151,6 @@ done: - 
gpm_free_xdrs(GSSX_INIT_SEC_CONTEXT, &uarg, &ures); - - if (ret_maj == GSS_S_COMPLETE || ret_maj == GSS_S_CONTINUE_NEEDED) { -- if (actual_mech_type) { -- *actual_mech_type = mech; -- } - if (outbuf) { - *output_token = *outbuf; - free(outbuf); -@@ -170,10 +167,6 @@ done: - free(ctx); - ctx = NULL; - } -- if (mech) { -- free(mech->elements); -- free(mech); -- } - if (outbuf) { - free(outbuf->value); - free(outbuf); -diff --git a/src/client/gssapi_gpm.h b/src/client/gssapi_gpm.h -index 61124e0..b7ba04b 100644 ---- a/src/client/gssapi_gpm.h -+++ b/src/client/gssapi_gpm.h -@@ -27,6 +27,9 @@ void gpm_display_status_init_once(void); - void gpm_save_status(gssx_status *status); - void gpm_save_internal_status(uint32_t err, char *err_str); - -+int gpm_mech_to_static(gss_OID mech_type, gss_OID *mech_static); -+bool gpm_mech_is_static(gss_OID mech_type); -+ - OM_uint32 gpm_display_status(OM_uint32 *minor_status, - OM_uint32 status_value, - int status_type, -diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c -index 9ce3e15..8f401e9 100644 ---- a/src/mechglue/gss_plugin.c -+++ b/src/mechglue/gss_plugin.c -@@ -376,6 +376,11 @@ OM_uint32 gssi_internal_release_oid(OM_uint32 *minor_status, gss_OID *oid) - item = gpp_next_special_oids(item); - } - -+ if (gpm_mech_is_static(*oid)) { -+ *oid = GSS_C_NO_OID; -+ return GSS_S_COMPLETE; -+ } -+ - /* none matched, it's not ours */ - return GSS_S_CONTINUE_NEEDED; - } diff --git a/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch b/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch deleted file mode 100644 index 2ea0938..0000000 --- a/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From ce271e38be223a9442efd406c9a8fa961930e35b Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 26 Aug 2020 13:36:50 -0400 -Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context() - -The name it creates holds a copy of the OID, which we need to release. - -Signed-off-by: Robbie Harwood -(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d) ---- - src/mechglue/gpp_import_and_canon_name.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c -index 745be20..7d6829f 100644 ---- a/src/mechglue/gpp_import_and_canon_name.c -+++ b/src/mechglue/gpp_import_and_canon_name.c -@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status, - return GSS_S_BAD_NAME; - } - -+ (void)gss_release_oid(&rmin, &name->mech_type); -+ - rmaj = gpm_release_name(&rmin, &name->remote); - - if (name->local) { diff --git a/Fix-leaks-in-our-test-suite-itself.patch b/Fix-leaks-in-our-test-suite-itself.patch deleted file mode 100644 index 1e7c3d2..0000000 --- a/Fix-leaks-in-our-test-suite-itself.patch +++ /dev/null 
@@ -1,156 +0,0 @@ -From 617d9ee9ce967cf20462e3cc7a575fda0f945075 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 27 Aug 2020 13:23:49 -0400 -Subject: [PATCH] Fix leaks in our test suite itself - -These are mostly laziness in freeing since the programs are short-lived. - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: rewrote commit message] -Reviewed-by: Robbie Harwood -(cherry picked from commit dc56c86f1dcb1ae4dbc35facf5f50fb21c9d5049) ---- - tests/interposetest.c | 22 +++++++++++++++------- - tests/t_impersonate.c | 11 ++++++++--- - tests/t_init.c | 2 ++ - tests/t_setcredopt.c | 8 ++++++-- - 4 files changed, 31 insertions(+), 12 deletions(-) - -diff --git a/tests/interposetest.c b/tests/interposetest.c -index a00904f..0cdd473 100644 ---- a/tests/interposetest.c -+++ b/tests/interposetest.c -@@ -71,6 +71,8 @@ static int gptest_inq_context(gss_ctx_id_t ctx) - DEBUG("Context validity: %d sec.\n", time_rec); - - done: -+ (void)gss_release_name(&min, &src_name); -+ (void)gss_release_name(&min, &targ_name); - (void)gss_release_buffer(&min, &sname); - (void)gss_release_buffer(&min, &tname); - (void)gss_release_buffer(&min, &mechstr); -@@ -274,7 +276,7 @@ void run_client(struct aproc *data) - gp_log_failure(GSS_C_NO_OID, ret_maj, ret_min); - goto done; - } -- fprintf(stdout, "Client, RECV: [%s]\n", buffer); -+ fprintf(stdout, "Client, RECV: [%*s]\n", buflen, buffer); - - /* test gss_wrap_iov_length */ - -@@ -837,19 +839,22 @@ int main(int argc, const char *main_argv[]) - - if (opt_version) { - puts(VERSION""DISTRO_VERSION""PRERELEASE_VERSION); -- return 0; -+ ret = 0; -+ goto done; - } - - if (opt_target == NULL) { - fprintf(stderr, "Missing target!\n"); - poptPrintUsage(pc, stderr, 0); -- return 1; -+ ret = 1; -+ goto done; - } - - if (!opt_all) { -- return run_cli_srv_test(PROXY_LOCAL_ONLY, -- PROXY_LOCAL_ONLY, -- opt_target); -+ ret = run_cli_srv_test(PROXY_LOCAL_ONLY, -+ PROXY_LOCAL_ONLY, -+ opt_target); -+ goto done; - } - - for (i=0; i<4; i++) { -@@ 
-861,10 +866,13 @@ int main(int argc, const char *main_argv[]) - lookup_gssproxy_behavior(k), - ret ? "failed" : "succeeded"); - if (ret) { -- return ret; -+ goto done; - } - } - } - -+done: -+ poptFreeContext(pc); -+ free(opt_target); - return ret; - } -diff --git a/tests/t_impersonate.c b/tests/t_impersonate.c -index 8ca6e9c..e7b0bc2 100644 ---- a/tests/t_impersonate.c -+++ b/tests/t_impersonate.c -@@ -12,9 +12,9 @@ int main(int argc, const char *argv[]) - gss_ctx_id_t accept_ctx = GSS_C_NO_CONTEXT; - gss_buffer_desc in_token = GSS_C_EMPTY_BUFFER; - gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER; -- gss_name_t user_name; -- gss_name_t proxy_name; -- gss_name_t target_name; -+ gss_name_t user_name = GSS_C_NO_NAME; -+ gss_name_t proxy_name = GSS_C_NO_NAME; -+ gss_name_t target_name = GSS_C_NO_NAME; - gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) }; - uint32_t ret_maj; - uint32_t ret_min; -@@ -207,9 +207,14 @@ int main(int argc, const char *argv[]) - ret = 0; - - done: -+ gss_release_name(&ret_min, &user_name); -+ gss_release_name(&ret_min, &proxy_name); -+ gss_release_name(&ret_min, &target_name); - gss_release_buffer(&ret_min, &in_token); - gss_release_buffer(&ret_min, &out_token); - gss_release_cred(&ret_min, &impersonator_cred_handle); - gss_release_cred(&ret_min, &cred_handle); -+ gss_delete_sec_context(&ret_min, &accept_ctx, GSS_C_NO_BUFFER); -+ gss_delete_sec_context(&ret_min, &init_ctx, GSS_C_NO_BUFFER); - return ret; - } -diff --git a/tests/t_init.c b/tests/t_init.c -index 02407ce..76bd4c1 100644 ---- a/tests/t_init.c -+++ b/tests/t_init.c -@@ -82,6 +82,8 @@ int main(int argc, const char *argv[]) - goto done; - } - -+ gss_release_buffer(&ret_min, &out_token); -+ - ret = t_recv_buffer(STDIN_FD, buffer, &buflen); - if (ret != 0) { - DEBUG("Failed to read token from STDIN\n"); -diff --git a/tests/t_setcredopt.c b/tests/t_setcredopt.c -index 1399474..bc5e13f 100644 ---- a/tests/t_setcredopt.c -+++ b/tests/t_setcredopt.c -@@ -12,8 +12,8 @@ int 
main(int argc, const char *argv[]) - gss_ctx_id_t accept_ctx = GSS_C_NO_CONTEXT; - gss_buffer_desc in_token = GSS_C_EMPTY_BUFFER; - gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER; -- gss_name_t user_name; -- gss_name_t target_name; -+ gss_name_t user_name = GSS_C_NO_NAME; -+ gss_name_t target_name = GSS_C_NO_NAME; - gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) }; - uint32_t ret_maj; - uint32_t ret_min; -@@ -160,8 +160,12 @@ int main(int argc, const char *argv[]) - ret = 0; - - done: -+ gss_release_name(&ret_min, &user_name); -+ gss_release_name(&ret_min, &target_name); - gss_release_buffer(&ret_min, &in_token); - gss_release_buffer(&ret_min, &out_token); - gss_release_cred(&ret_min, &cred_handle); -+ gss_delete_sec_context(&ret_min, &init_ctx, GSS_C_NO_BUFFER); -+ gss_delete_sec_context(&ret_min, &accept_ctx, GSS_C_NO_BUFFER); - return ret; - } diff --git a/Initialize-interposed-mech-list-without-allocation.patch b/Initialize-interposed-mech-list-without-allocation.patch deleted file mode 100644 index 3a0a694..0000000 --- a/Initialize-interposed-mech-list-without-allocation.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From 4abda7e47551f39adfc074fc017f6006a4b91a19 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 27 Aug 2020 12:32:06 -0400 -Subject: [PATCH] Initialize interposed mech list without allocation - -While we had already fixed the leak here in main, the code performed -unnecessary extra work, so just replacethe whole lot with a function -that does not do any extra allocation or copy. - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: commit message] -Reviewed-by: Robbie Harwood -(cherry picked from commit 447d5352c2a81e219ccf04348a87b2ff25b7de15) ---- - src/mechglue/gss_plugin.c | 31 ++++++++++++++++++++++++++----- - 1 file changed, 26 insertions(+), 5 deletions(-) - -diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c -index 8f401e9..5767f4d 100644 ---- a/src/mechglue/gss_plugin.c -+++ b/src/mechglue/gss_plugin.c -@@ -65,6 +65,8 @@ enum gpp_behavior gpp_get_behavior(void) - return behavior; - } - -+static void gpp_init_special_available_mechs(const gss_OID_set mechs); -+ - /* 2.16.840.1.113730.3.8.15.1 */ - const gss_OID_desc gssproxy_mech_interposer = { - .length = 11, -@@ -76,7 +78,6 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) - gss_OID_set interposed_mechs; - OM_uint32 maj, min; - char *envval; -- gss_OID_set special_mechs; - - /* avoid looping in the gssproxy daemon by avoiding to interpose - * any mechanism */ -@@ -119,8 +120,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) - } - - /* while there also initiaize special_mechs */ -- special_mechs = gpp_special_available_mechs(interposed_mechs); -- (void)gss_release_oid_set(&min, &special_mechs); -+ gpp_init_special_available_mechs(interposed_mechs); - - done: - if (maj != 0) { -@@ -307,13 +307,13 @@ gss_OID_set gpp_special_available_mechs(const gss_OID_set mechs) - gss_OID n; - uint32_t maj, min; - -- item = gpp_get_special_oids(); -- - maj = gss_create_empty_oid_set(&min, &amechs); - if (maj) { - return GSS_C_NO_OID_SET; - } - for (size_t i = 0; i < 
mechs->count; i++) { -+ item = gpp_get_special_oids(); -+ - while (item) { - if (gpp_is_special_oid(&mechs->elements[i])) { - maj = gss_add_oid_set_member(&min, -@@ -354,6 +354,27 @@ done: - return amechs; - } - -+static void gpp_init_special_available_mechs(const gss_OID_set mechs) -+{ -+ struct gpp_special_oid_list *item; -+ -+ for (size_t i = 0; i < mechs->count; i++) { -+ item = gpp_get_special_oids(); -+ -+ while (item) { -+ if (gpp_is_special_oid(&mechs->elements[i]) || -+ gpp_special_equal(&item->special_oid, &mechs->elements[i])) { -+ break; -+ } -+ item = gpp_next_special_oids(item); -+ } -+ if (item == NULL) { -+ /* not found, add to static list */ -+ (void)gpp_new_special_mech(&mechs->elements[i]); -+ } -+ } -+} -+ - OM_uint32 gssi_internal_release_oid(OM_uint32 *minor_status, gss_OID *oid) - { - struct gpp_special_oid_list *item = NULL; diff --git a/Initialize-our-epoll_event-structures.patch b/Initialize-our-epoll_event-structures.patch deleted file mode 100644 index 459b9f7..0000000 --- a/Initialize-our-epoll_event-structures.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 35579d9de1d3f295fb4548c73fc6a729d04128c6 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 30 Jul 2020 16:43:30 -0400 -Subject: [PATCH] Initialize our epoll_event structures - -Fixes a valgrind error for the other fields of epoll_event. - -Signed-off-by: Robbie Harwood -(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67) ---- - src/client/gpm_common.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c -index 60b1fdc..786a77b 100644 ---- a/src/client/gpm_common.c -+++ b/src/client/gpm_common.c -@@ -199,6 +199,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx) - struct epoll_event ev; - int ret; - -+ memset(&ev, 0, sizeof(ev)); -+ - if (gpmctx->epollfd >= 0) { - gpm_epoll_close(gpmctx); - } -@@ -280,6 +282,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) - struct epoll_event events[2]; - uint64_t timer_read; - -+ memset(&ev, 0, sizeof(ev)); -+ memset(&events[0], 0, sizeof(events[0])); -+ memset(&events[1], 0, sizeof(events[1])); -+ - if (gpmctx->epollfd < 0) { - ret = gpm_epoll_setup(gpmctx); - if (ret) diff --git a/Make-sure-to-free-also-the-remote-ctx-struct.patch b/Make-sure-to-free-also-the-remote-ctx-struct.patch deleted file mode 100644 index 4c602f4..0000000 --- a/Make-sure-to-free-also-the-remote-ctx-struct.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 8d5457c290d513781b54be54ede9c81cc5d1fff8 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 27 Aug 2020 12:44:45 -0400 -Subject: [PATCH] Make sure to free also the remote ctx struct - -The xdr_free() call only frees the contents and not the containing -structure itself. - -Signed-off-by: Simo Sorce -Reviewed-by: Robbie Harwood -(cherry picked from commit e6811347c23b6c62d9f1869da089ab9900f97a84) ---- - src/client/gpm_release_handle.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/client/gpm_release_handle.c b/src/client/gpm_release_handle.c -index 8f49ee9..2f70781 100644 ---- a/src/client/gpm_release_handle.c -+++ b/src/client/gpm_release_handle.c -@@ -106,5 +106,7 @@ rel_done: - gpm_free_xdrs(GSSX_RELEASE_HANDLE, &uarg, &ures); - done: - xdr_free((xdrproc_t)xdr_gssx_ctx, (char *)r); -+ free(r); -+ *context_handle = NULL; - return ret; - } diff --git a/Return-static-oids-for-naming-functions.patch b/Return-static-oids-for-naming-functions.patch deleted file mode 100644 index 77a1f4a..0000000 --- a/Return-static-oids-for-naming-functions.patch +++ /dev/null 
@@ -1,156 +0,0 @@
-From 41cb9683627d6c3b136a4b48e1b1842619132f16 Mon Sep 17 00:00:00 2001
-From: Simo Sorce
-Date: Thu, 27 Aug 2020 17:01:39 -0400
-Subject: [PATCH] Return static oids for naming functions
-
-gss_display_name and gss_inquire_name reteurn "static" oids, that are
-generally not freed by callers, so make sure to match and return actual
-static OIDs exported by GSSAPI.
-
-Also remove gpm_equal_oids() and use the library provided gss_oid_equal
-function instead.
-
-Signed-off-by: Simo Sorce
-Reviewed-by: Robbie Harwood
-(cherry picked from commit 6ea8391257e687dfb3981b634c06cf7a55008eb0)
----
- src/client/gpm_import_and_canon_name.c | 28 ++++++++++++++++++++++++--
- src/client/gpm_indicate_mechs.c | 24 +++++----------------
- src/client/gssapi_gpm.h | 1 +
- 3 files changed, 32 insertions(+), 21 deletions(-)
-
-diff --git a/src/client/gpm_import_and_canon_name.c b/src/client/gpm_import_and_canon_name.c
-index 70149a3..88b8d7c 100644
---- a/src/client/gpm_import_and_canon_name.c
-+++ b/src/client/gpm_import_and_canon_name.c
-@@ -2,6 +2,26 @@
-
- #include "gssapi_gpm.h"
-
-+static int gpm_name_oid_to_static(gss_OID name_type, gss_OID *name_static)
-+{
-+#define ret_static(b) \
-+ if (gss_oid_equal(name_type, b)) { \
-+ *name_static = b; \
-+ return 0; \
-+ }
-+ ret_static(GSS_C_NT_USER_NAME);
-+ ret_static(GSS_C_NT_MACHINE_UID_NAME);
-+ ret_static(GSS_C_NT_STRING_UID_NAME);
-+ ret_static(GSS_C_NT_HOSTBASED_SERVICE_X);
-+ ret_static(GSS_C_NT_HOSTBASED_SERVICE);
-+ ret_static(GSS_C_NT_ANONYMOUS);
-+ ret_static(GSS_C_NT_EXPORT_NAME);
-+ ret_static(GSS_C_NT_COMPOSITE_EXPORT);
-+ ret_static(GSS_KRB5_NT_PRINCIPAL_NAME);
-+ ret_static(gss_nt_krb5_name);
-+ return ENOENT;
-+}
-+
- OM_uint32 gpm_display_name(OM_uint32 *minor_status,
- gssx_name *in_name,
- gss_buffer_t output_name_buffer,
-@@ -57,7 +77,9 @@ OM_uint32 gpm_display_name(OM_uint32 *minor_status,
- }
-
- if (output_name_type) {
-- ret = gp_conv_gssx_to_oid_alloc(&in_name->name_type, output_name_type);
-+ gss_OID_desc oid;
-+ gp_conv_gssx_to_oid(&in_name->name_type, &oid);
-+ ret = gpm_name_oid_to_static(&oid, output_name_type);
- if (ret) {
- gss_release_buffer(&discard, output_name_buffer);
- ret_min = ret;
-@@ -285,7 +307,9 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status,
- }
-
- if (MN_mech != NULL) {
-- ret = gp_conv_gssx_to_oid_alloc(&name->name_type, MN_mech);
-+ gss_OID_desc oid;
-+ gp_conv_gssx_to_oid(&name->name_type, &oid);
-+ ret = gpm_name_oid_to_static(&oid, MN_mech);
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
-diff --git a/src/client/gpm_indicate_mechs.c b/src/client/gpm_indicate_mechs.c
-index 86c7de3..4041dcd 100644
---- a/src/client/gpm_indicate_mechs.c
-+++ b/src/client/gpm_indicate_mechs.c
-@@ -95,20 +95,6 @@ static uint32_t gpm_copy_gss_buffer(uint32_t *minor_status,
- return GSS_S_COMPLETE;
- }
-
--static bool gpm_equal_oids(gss_const_OID a, gss_const_OID b)
--{
-- int ret;
--
-- if (a->length == b->length) {
-- ret = memcmp(a->elements, b->elements, a->length);
-- if (ret == 0) {
-- return true;
-- }
-- }
--
-- return false;
--}
--
- static void gpmint_indicate_mechs(void)
- {
- union gp_rpc_arg uarg;
-@@ -313,7 +299,7 @@ int gpm_mech_to_static(gss_OID mech_type, gss_OID *mech_static)
-
- *mech_static = GSS_C_NO_OID;
- for (size_t i = 0; i < global_mechs.mech_set->count; i++) {
-- if (gpm_equal_oids(&global_mechs.mech_set->elements[i], mech_type)) {
-+ if (gss_oid_equal(&global_mechs.mech_set->elements[i], mech_type)) {
- *mech_static = &global_mechs.mech_set->elements[i];
- return 0;
- }
-@@ -383,7 +369,7 @@ OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status,
- }
-
- for (unsigned i = 0; i < global_mechs.info_len; i++) {
-- if (!gpm_equal_oids(global_mechs.info[i].mech, mech_type)) {
-+ if (!gss_oid_equal(global_mechs.info[i].mech, mech_type)) {
- continue;
- }
- ret_maj = gpm_copy_gss_OID_set(&ret_min,
-@@ -481,7 +467,7 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status,
- }
-
- for (unsigned i = 0; i < global_mechs.info_len; i++) {
-- if (!gpm_equal_oids(global_mechs.info[i].mech, mech)) {
-+ if (!gss_oid_equal(global_mechs.info[i].mech, mech)) {
- continue;
- }
-
-@@ -540,7 +526,7 @@ OM_uint32 gpm_inquire_saslname_for_mech(OM_uint32 *minor_status,
- }
-
- for (unsigned i = 0; i < global_mechs.info_len; i++) {
-- if (!gpm_equal_oids(global_mechs.info[i].mech, desired_mech)) {
-+ if (!gss_oid_equal(global_mechs.info[i].mech, desired_mech)) {
- continue;
- }
- ret_maj = gpm_copy_gss_buffer(&ret_min,
-@@ -598,7 +584,7 @@ OM_uint32 gpm_display_mech_attr(OM_uint32 *minor_status,
- }
-
- for (unsigned i = 0; i < global_mechs.desc_len; i++) {
-- if (!gpm_equal_oids(global_mechs.desc[i].attr, mech_attr)) {
-+ if (!gss_oid_equal(global_mechs.desc[i].attr, mech_attr)) {
- continue;
- }
- ret_maj = gpm_copy_gss_buffer(&ret_min,
-diff --git a/src/client/gssapi_gpm.h b/src/client/gssapi_gpm.h
-index b7ba04b..bdf12e1 100644
---- a/src/client/gssapi_gpm.h
-+++ b/src/client/gssapi_gpm.h
-@@ -10,6 +10,7 @@
- #include
- #include
- #include
-+#include
- #include "rpcgen/gp_rpc.h"
- #include "rpcgen/gss_proxy.h"
- #include "src/gp_common.h"
diff --git a/Use-static-OIDs-in-gss_inquire_context.patch b/Use-static-OIDs-in-gss_inquire_context.patch
deleted file mode 100644
index 21eeeec..0000000
--- a/Use-static-OIDs-in-gss_inquire_context.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 9cc525b1f1184241483705dfc0a4162bc0c55632 Mon Sep 17 00:00:00 2001
-From: Simo Sorce
-Date: Thu, 27 Aug 2020 17:21:03 -0400
-Subject: [PATCH] Use static OIDs in gss_inquire_context()
-
-As per other functions gssapi expect a static OID here.
-
-Signed-off-by: Simo Sorce
-[rharwood@redhat.com: commit message fixup]
-Reviewed-by: Robbie Harwood
-(cherry picked from commit 502e448b3b126bf828ed871496dd7520d5075564)
----
- src/client/gpm_inquire_context.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/client/gpm_inquire_context.c b/src/client/gpm_inquire_context.c
-index 8c683fe..5800a8d 100644
---- a/src/client/gpm_inquire_context.c
-+++ b/src/client/gpm_inquire_context.c
-@@ -51,7 +51,9 @@ OM_uint32 gpm_inquire_context(OM_uint32 *minor_status,
- }
-
- if (mech_type) {
-- ret = gp_conv_gssx_to_oid_alloc(&context_handle->mech, mech_type);
-+ gss_OID_desc mech;
-+ gp_conv_gssx_to_oid(&context_handle->mech, &mech);
-+ ret = gpm_mech_to_static(&mech, mech_type);
- if (ret) {
- if (src_name) {
- (void)gpm_release_name(&tmp_min, src_name);
diff --git a/Use-the-correct-function-to-free-unused-creds.patch b/Use-the-correct-function-to-free-unused-creds.patch
deleted file mode 100644
index 3ced2b6..0000000
--- a/Use-the-correct-function-to-free-unused-creds.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From f77b75b7928a2c7813aebc8a1ec107d495627685 Mon Sep 17 00:00:00 2001
-From: Simo Sorce
-Date: Thu, 27 Aug 2020 13:20:49 -0400
-Subject: [PATCH] Use the correct function to free unused creds
-
-Signed-off-by: Simo Sorce
-Reviewed-by: Robbie Harwood
-(cherry picked from commit a2ffd1230fd572d7fa9099af2365dfb7ac394d07)
----
- src/mechglue/gpp_creds.c | 2 +-
- src/mechglue/gpp_init_sec_context.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/mechglue/gpp_creds.c b/src/mechglue/gpp_creds.c
-index e87da82..338fadd 100644
---- a/src/mechglue/gpp_creds.c
-+++ b/src/mechglue/gpp_creds.c
-@@ -895,7 +895,7 @@ done:
- if (maj == GSS_S_COMPLETE) {
- *cred_handle = (gss_cred_id_t)cred;
- } else {
-- free(cred);
-+ (void)gpp_cred_handle_free(&min, cred);
- }
- (void)gss_release_buffer(&min, &wrap_token);
- return maj;
-diff --git a/src/mechglue/gpp_init_sec_context.c b/src/mechglue/gpp_init_sec_context.c
-index 94d9b01..bb878df 100644
---- a/src/mechglue/gpp_init_sec_context.c
-+++ b/src/mechglue/gpp_init_sec_context.c
-@@ -215,7 +215,7 @@ done:
- *context_handle = (gss_ctx_id_t)ctx_handle;
-
- if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
-- free(cred_handle);
-+ (void)gpp_cred_handle_free(&min, cred_handle);
- }
- return maj;
- }
diff --git a/gssproxy.spec b/gssproxy.spec
index c0be42f..4be1f92 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,7 +1,7 @@ Name: gssproxy Version: 0.8.4 -Release: 4%{?dist} +Release: 5%{?dist} Summary: GSSAPI Proxy License: MIT
@@ -14,6 +14,7 @@ Source1: rwtab %global gpstatedir %{_localstatedir}/lib/gssproxy ### Patches ### +Patch0001: 0001-Add-an-option-for-minimum-lifetime.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0
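Review bot: Nothing in the `### Patches ###` hunk of gssproxy.spec shows that the new `Patch0001` is actually applied during the build. The section was empty before this change and `%prep` lies outside the hunk, so confirm that it uses `%autosetup` or `%autopatch`, or add an explicit `%patch` line for it. Otherwise 0.8.4-5 would ship without the minimum-lifetime option while the changelog records rhbz#2184333 as resolved. A one-line comment above the tag, for example `# Backport: option for minimum lifetime (rhbz#2184333)`, would also record where the patch comes from.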
@@ -110,6 +111,12 @@ install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy %systemd_postun_with_restart gssproxy.service %changelog +* Mon Apr 03 2023 Julien Rische - 0.8.4-5 +- Add an option for minimum lifetime +- Resolves: rhbz#2184333 +- Remove unused patch files +- Fix date typographical error in changelog + * Mon Aug 09 2021 Mohan Boddu - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
@@ -120,7 +127,7 @@ install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy * Tue Jan 26 2021 Fedora Release Engineering - 0.8.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -* Wed Jan 13 2020 Robbie Harwood - 0.8.4-1 +* Wed Jan 13 2021 Robbie Harwood - 0.8.4-1 - New upstream release (0.8.4) * Thu Oct 29 2020 Robbie Harwood - 0.8.3-6