Pass gss_localname() through SPNEGO
This commit is contained in:
parent
46d8c677ae
commit
19d5d2e504
58
Pass-gss_localname-through-SPNEGO.patch
Normal file
58
Pass-gss_localname-through-SPNEGO.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Sun, 26 Apr 2020 19:55:54 -0400
|
||||
Subject: [PATCH] Pass gss_localname() through SPNEGO
|
||||
|
||||
ticket: 8897 (new)
|
||||
(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285)
|
||||
---
|
||||
src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++
|
||||
src/lib/gssapi/spnego/spnego_mech.c | 9 ++++++++-
|
||||
2 files changed, 16 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
|
||||
index a93763314..066ec736f 100644
|
||||
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
|
||||
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
|
||||
@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
|
||||
OM_uint32 *max_input_size
|
||||
);
|
||||
|
||||
+OM_uint32 KRB5_CALLCONV spnego_gss_localname
|
||||
+(
|
||||
+ OM_uint32 *minor_status,
|
||||
+ const gss_name_t pname,
|
||||
+ const gss_const_OID mech_type,
|
||||
+ gss_buffer_t localname
|
||||
+);
|
||||
+
|
||||
OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
|
||||
(
|
||||
OM_uint32 *minor_status,
|
||||
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
index 8e0c3a348..8d36a05e8 100644
|
||||
--- a/src/lib/gssapi/spnego/spnego_mech.c
|
||||
+++ b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
|
||||
spnego_gss_inquire_context, /* gss_inquire_context */
|
||||
NULL, /* gss_internal_release_oid */
|
||||
spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */
|
||||
- NULL, /* gssd_pname_to_uid */
|
||||
+ spnego_gss_localname,
|
||||
NULL, /* gss_userok */
|
||||
NULL, /* gss_export_name */
|
||||
spnego_gss_duplicate_name, /* gss_duplicate_name */
|
||||
@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit(
|
||||
return (ret);
|
||||
}
|
||||
|
||||
+OM_uint32 KRB5_CALLCONV
|
||||
+spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname,
|
||||
+ const gss_const_OID mech_type, gss_buffer_t localname)
|
||||
+{
|
||||
+ return gss_localname(minor_status, pname, GSS_C_NO_OID, localname);
|
||||
+}
|
||||
+
|
||||
OM_uint32 KRB5_CALLCONV
|
||||
spnego_gss_get_mic(
|
||||
OM_uint32 *minor_status,
|
18
krb5.spec
18
krb5.spec
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.18.1
|
||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||
Release: 1%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
# rharwood has trust path to signing key and verifies on check-in
|
||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
|
||||
@ -56,6 +56,7 @@ Patch13: Add-finalization-safety-check-to-com_err.patch
|
||||
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
|
||||
Patch15: Correctly-import-service-GSS-host-based-name.patch
|
||||
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
|
||||
Patch17: Pass-gss_localname-through-SPNEGO.patch
|
||||
|
||||
License: MIT
|
||||
URL: https://web.mit.edu/kerberos/www/
|
||||
@ -80,18 +81,13 @@ BuildRequires: iproute
|
||||
BuildRequires: libverto-devel
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: lmdb-devel
|
||||
BuildRequires: nss_wrapper
|
||||
BuildRequires: socket_wrapper
|
||||
|
||||
# Need KDFs. This is the backported version
|
||||
BuildRequires: openssl-devel >= 1:1.1.1d-4
|
||||
BuildRequires: openssl-devel < 1:3.0.0
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
BuildRequires: yasm
|
||||
%endif
|
||||
|
||||
BuildRequires: nss_wrapper
|
||||
BuildRequires: socket_wrapper
|
||||
|
||||
%description
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
@ -633,6 +629,12 @@ exit 0
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
|
||||
%changelog
|
||||
* Tue Apr 28 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-3
|
||||
- Pass gss_localname() through SPNEGO
|
||||
|
||||
* Tue Apr 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18-1.1
|
||||
- Drop yasm requirement since we don't use builtin crypto
|
||||
|
||||
* Tue Apr 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-1
|
||||
- New upstream version (1.18.1)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user