Drop obsolete patch
This commit is contained in:
Nalin Dahyabhai
parent
6265fcabf5
commit
0b6ebaab00
@ -1,37 +0,0 @@
|
||||
commit 37af638b742dbd642eb70092e4f7781c3f69d86d
|
||||
Author: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Tue Dec 10 12:04:18 2013 -0500
|
||||
|
||||
Fix SPNEGO one-hop interop against old IIS
|
||||
|
||||
IIS 6.0 and similar return a zero length reponse buffer in the last
|
||||
SPNEGO packet when context initiation is performed without mutual
|
||||
authentication. In this case the underlying Kerberos mechanism has
|
||||
already completed successfully on the first invocation, and SPNEGO
|
||||
does not expect a mech response token in the answer. If we get an
|
||||
empty mech response token when the mech is complete during
|
||||
negotiation, ignore it.
|
||||
|
||||
[ghudson@mit.edu: small code style and commit message changes]
|
||||
|
||||
ticket: 7797 (new)
|
||||
target_version: 1.12.1
|
||||
tags: pullup
|
||||
|
||||
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
index 3937662..d82934b 100644
|
||||
--- a/src/lib/gssapi/spnego/spnego_mech.c
|
||||
+++ b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
@@ -760,6 +760,12 @@ init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
|
||||
map_errcode(minor_status);
|
||||
ret = GSS_S_DEFECTIVE_TOKEN;
|
||||
}
|
||||
+ } else if ((*responseToken)->length == 0 && sc->mech_complete) {
|
||||
+ /* Handle old IIS servers returning empty token instead of
|
||||
+ * null tokens in the non-mutual auth case. */
|
||||
+ *negState = ACCEPT_COMPLETE;
|
||||
+ *tokflag = NO_TOKEN_SEND;
|
||||
+ ret = GSS_S_COMPLETE;
|
||||
} else if (sc->mech_complete) {
|
||||
/* Reject spurious mech token. */
|
||||
ret = GSS_S_DEFECTIVE_TOKEN;
|
||||
@ -90,7 +90,6 @@ Patch86: krb5-1.9-debuginfo.patch
|
||||
Patch105: krb5-kvno-230379.patch
|
||||
Patch129: krb5-1.11-run_user_0.patch
|
||||
Patch134: krb5-1.11-kpasswdtest.patch
|
||||
Patch136: krb5-master-ignore-empty-unnecessary-final-token.patch
|
||||
Patch137: krb5-master-gss_oid_leak.patch
|
||||
Patch138: krb5-master-keytab_close.patch
|
||||
Patch139: krb5-1.12-copy_context.patch
|
||||
@ -315,7 +314,6 @@ ln -s NOTICE LICENSE
|
||||
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
||||
%patch86 -p0 -b .debuginfo
|
||||
%patch105 -p1 -b .kvno
|
||||
%patch136 -p1 -b .ignore-empty-unnecessary-final-token
|
||||
%patch137 -p1 -b .gss_oid_leak
|
||||
%patch138 -p1 -b .keytab_close
|
||||
%patch139 -p1 -b .copy_context
|
||||
@ -979,6 +977,7 @@ exit 0
|
||||
* Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1
|
||||
- update to 1.12.1
|
||||
- drop patch for RT#7794, included now
|
||||
- drop patch for RT#7797, included now
|
||||
|
||||
* Mon Jan 13 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12-11
|
||||
- update the PIC patch for iaesx86.s to not use ELF relocations to the version
|
||||
|
||||
Loading…
Reference in New Issue
Block a user