rpms/krb5
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Drop obsolete patch

Browse Source
This commit is contained in:
Nalin Dahyabhai 2014-01-17 09:59:39 -05:00
parent 6265fcabf5
commit 0b6ebaab00
2 changed files with 1 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
krb5-master-ignore-empty-unnecessary-final-token.patch
View File

@ -1,37 +0,0 @@
commit 37af638b742dbd642eb70092e4f7781c3f69d86d
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Dec 10 12:04:18 2013 -0500
Fix SPNEGO one-hop interop against old IIS
IIS 6.0 and similar return a zero length reponse buffer in the last
SPNEGO packet when context initiation is performed without mutual
authentication. In this case the underlying Kerberos mechanism has
already completed successfully on the first invocation, and SPNEGO
does not expect a mech response token in the answer. If we get an
empty mech response token when the mech is complete during
negotiation, ignore it.
[ghudson@mit.edu: small code style and commit message changes]
ticket: 7797 (new)
target_version: 1.12.1
tags: pullup
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 3937662..d82934b 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -760,6 +760,12 @@ init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
map_errcode(minor_status);
ret = GSS_S_DEFECTIVE_TOKEN;
}
+ } else if ((*responseToken)->length == 0 && sc->mech_complete) {
+ /* Handle old IIS servers returning empty token instead of
+ * null tokens in the non-mutual auth case. */
+ *negState = ACCEPT_COMPLETE;
+ *tokflag = NO_TOKEN_SEND;
+ ret = GSS_S_COMPLETE;
} else if (sc->mech_complete) {
/* Reject spurious mech token. */
ret = GSS_S_DEFECTIVE_TOKEN;

3
krb5.spec
View File

@ -90,7 +90,6 @@ Patch86: krb5-1.9-debuginfo.patch
Patch105: krb5-kvno-230379.patch Patch105: krb5-kvno-230379.patch
Patch129: krb5-1.11-run_user_0.patch Patch129: krb5-1.11-run_user_0.patch
Patch134: krb5-1.11-kpasswdtest.patch Patch134: krb5-1.11-kpasswdtest.patch
Patch136: krb5-master-ignore-empty-unnecessary-final-token.patch
Patch137: krb5-master-gss_oid_leak.patch Patch137: krb5-master-gss_oid_leak.patch
Patch138: krb5-master-keytab_close.patch Patch138: krb5-master-keytab_close.patch
Patch139: krb5-1.12-copy_context.patch Patch139: krb5-1.12-copy_context.patch
@ -315,7 +314,6 @@ ln -s NOTICE LICENSE
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
%patch86 -p0 -b .debuginfo %patch86 -p0 -b .debuginfo
%patch105 -p1 -b .kvno %patch105 -p1 -b .kvno
%patch136 -p1 -b .ignore-empty-unnecessary-final-token
%patch137 -p1 -b .gss_oid_leak %patch137 -p1 -b .gss_oid_leak
%patch138 -p1 -b .keytab_close %patch138 -p1 -b .keytab_close
%patch139 -p1 -b .copy_context %patch139 -p1 -b .copy_context
@ -979,6 +977,7 @@ exit 0
* Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1 * Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1
- update to 1.12.1 - update to 1.12.1
- drop patch for RT#7794, included now - drop patch for RT#7794, included now
- drop patch for RT#7797, included now
* Mon Jan 13 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12-11 * Mon Jan 13 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12-11
- update the PIC patch for iaesx86.s to not use ELF relocations to the version - update the PIC patch for iaesx86.s to not use ELF relocations to the version