Pass gss_localname() through SPNEGO

Pass-gss_localname-through-SPNEGO.patch

@@ -0,0 +1,58 @@
+From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Sun, 26 Apr 2020 19:55:54 -0400
+Subject: [PATCH] Pass gss_localname() through SPNEGO
+
+ticket: 8897 (new)
+(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285)
+---
+ src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++
+ src/lib/gssapi/spnego/spnego_mech.c    | 9 ++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
+index a93763314..066ec736f 100644
+--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
++++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
+@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
+ 	OM_uint32	*max_input_size
+ );
+ 
++OM_uint32 KRB5_CALLCONV spnego_gss_localname
++(
++	OM_uint32 *minor_status,
++	const gss_name_t pname,
++	const gss_const_OID mech_type,
++	gss_buffer_t localname
++);
++
+ OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
+ (
+ 	OM_uint32 *minor_status,
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 8e0c3a348..8d36a05e8 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
+ 	spnego_gss_inquire_context,	/* gss_inquire_context */
+ 	NULL,				/* gss_internal_release_oid */
+ 	spnego_gss_wrap_size_limit,	/* gss_wrap_size_limit */
+-	NULL,				/* gssd_pname_to_uid */
++	spnego_gss_localname,
+ 	NULL,				/* gss_userok */
+ 	NULL,				/* gss_export_name */
+ 	spnego_gss_duplicate_name,	/* gss_duplicate_name */
+@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit(
+ 	return (ret);
+ }
+ 
++OM_uint32 KRB5_CALLCONV
++spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname,
++		     const gss_const_OID mech_type, gss_buffer_t localname)
++{
++	return gss_localname(minor_status, pname, GSS_C_NO_OID, localname);
++}
++
+ OM_uint32 KRB5_CALLCONV
+ spnego_gss_get_mic(
+ 		OM_uint32 *minor_status,

krb5.spec

@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.18.1
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 1%{?dist}
+Release: 3%{?dist}
 
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
@@ -56,6 +56,7 @@ Patch13: Add-finalization-safety-check-to-com_err.patch
 Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
 Patch15: Correctly-import-service-GSS-host-based-name.patch
 Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
+Patch17: Pass-gss_localname-through-SPNEGO.patch
 
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@@ -80,18 +81,13 @@ BuildRequires: iproute
 BuildRequires: libverto-devel
 BuildRequires: openldap-devel
 BuildRequires: lmdb-devel
+BuildRequires: nss_wrapper
+BuildRequires: socket_wrapper
 
 # Need KDFs.  This is the backported version
 BuildRequires: openssl-devel >= 1:1.1.1d-4
 BuildRequires: openssl-devel < 1:3.0.0
 
-%ifarch %{ix86} x86_64
-BuildRequires: yasm
-%endif
-
-BuildRequires: nss_wrapper
-BuildRequires: socket_wrapper
-
 %description
 Kerberos V5 is a trusted-third-party network authentication system,
 which can improve your network's security by eliminating the insecure
@@ -633,6 +629,12 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Tue Apr 28 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-3
+- Pass gss_localname() through SPNEGO
+
+* Tue Apr 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18-1.1
+- Drop yasm requirement since we don't use builtin crypto
+
 * Tue Apr 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-1
 - New upstream version (1.18.1)